Why SafeClaw Has Zero Third-Party Dependencies
Why SafeClaw Has Zero Third-Party Dependencies
Open SafeClaw's package.json and look at the dependencies field. You will find one entry: @anthropic-ai/claude-agent-sdk. That is the Anthropic SDK required to run Claude agents. Beyond that, SafeClaw has zero third-party runtime dependencies.
No Express. No Axios. No lodash. No Winston. No Helmet. No jsonwebtoken. Zero.
This was not an accident. It was a deliberate security decision we made on day one and have maintained through every feature addition since.
The Attack Surface Argument
Every dependency you install is code you did not write, did not review, and implicitly trust to run in your process. In the Node.js ecosystem, a single npm install of a popular framework can pull in hundreds of transitive dependencies. Each one is a potential vector for supply chain attacks.
SafeClaw is security software. Its job is to stand between an AI agent and the actions that agent wants to take on your machine. If SafeClaw itself is compromised through a malicious dependency, the entire safety guarantee collapses. The gate is broken from inside.
We decided that was an unacceptable risk. If we needed functionality, we would write it ourselves using Node.js built-in modules.
What We Built Instead
Here is what we wrote instead of installing packages:
HTTP server: SafeClaw's dashboard runs onnode:http with a custom router. No Express, no Koa, no Fastify. The server module is ~400 lines of code. It handles routing, CORS, CSRF protection, security headers, SSE streaming, static file serving, and rate limiting. Every line is auditable.
OpenAI agent loop: Instead of depending on OpenAI's SDK, we built a custom agent loop using node:fetch. It handles the chat completions API, tool call extraction, function result formatting, and streaming. Zero dependencies. The implementation is in src/openai-agent.js.
Audit ledger: SHA-256 hash chaining using node:crypto. Append-only JSONL writes using node:fs. No database driver, no ORM, no logging framework.
Input validation: ReDoS protection, secret redaction, string assertions -- all implemented as pure functions in src/validate.js. No Joi, no Zod, no class-validator.
Rate limiting: Sliding window rate limiter in src/rate-limit.js. Approximately 50 lines of code. No external rate-limit middleware.
Webhooks: Slack, Discord, and generic HTTP webhooks using node:fetch (or the global fetch in Node 20+). Format detection and payload construction in src/webhook.js.
SMS notifications: Twilio API calls using raw HTTP requests. No twilio npm package.
Configuration: JSON file reads and writes with node:fs. Profile management, environment variable handling, path resolution. No dotenv, no convict, no config.
Task scheduling: Cron expression parsing and next-run calculation in src/scheduler.js. No node-cron, no agenda, no bull.
The Cost We Pay
Zero dependencies is not free. We write more code. When a Node.js built-in API changes, we update our usage directly rather than relying on a library to abstract the change. When we need a feature that a library provides in one import, we implement the specific subset we need.
But the cost is predictable and bounded. We know exactly what our code does because we wrote all of it. When a security advisory drops for a popular npm package, we do not need to check if we are affected. We are not.
The only devDependency is vitest, our test runner. It runs during development and CI. It never ships to production. It never runs on your machine when you npx @authensor/safeclaw.
Supply Chain Context
The JavaScript ecosystem has experienced multiple high-profile supply chain attacks. Malicious packages, typosquatting, dependency confusion, compromised maintainer accounts -- the attack surface is real and actively exploited.
For most applications, the risk-benefit trade-off of using dependencies is reasonable. The productivity gain from Express or Axios justifies the trust you place in those packages and their transitive dependency trees.
For security software that gates AI agent actions on your machine, we believe the trade-off is different. The trust you place in SafeClaw is absolute: it decides whether your agent can write to your file system, execute shell commands, and access your network. That trust should extend to as little code as possible.
Twenty-five source files. Zero runtime dependencies. Every line of code is in our repository, readable, auditable, and tested.
How This Affects You
When you run npx @authensor/safeclaw, the install is fast. There is no dependency tree to resolve. There are no post-install scripts from third-party packages running arbitrary code. The package-lock.json is minimal.
When you audit SafeClaw -- and we encourage you to -- you are auditing our code, not a tree of transitive dependencies maintained by strangers.
When a new CVE is published for a popular npm package, your SafeClaw installation is not affected.
This is what we mean by a smaller attack surface. It is not a marketing claim. It is a measurable property of the software: zero third-party runtime dependencies, documented in package.json, verifiable by anyone.
Read more about our security model in the SafeClaw security documentation. Browse the source at github.com/AUTHENSOR/SafeClaw.